database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-08 07:21:33 +03:00
Code

Fix some null pointer dereferences in LDAP auth code

Browse Source 
An LDAP URL without a host name such as "ldap://" or without a base DN
such as "ldap://localhost" would cause a crash when reading pg_hba.conf.

If no binddn is configured, an error message might end up trying to print a
null pointer, which could crash on some platforms.

Author: Thomas Munro <thomas.munro@enterprisedb.com>
Reviewed-by: Michael Paquier <michael.paquier@gmail.com>
This commit is contained in:
Peter Eisentraut 2017-11-10 14:21:32 -05:00
parent 18d431bda2
commit 0bcdab58e8
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/libpq/auth.c
View File

@ -2013,7 +2013,8 @@ CheckLDAPAuth(Port *port)
{ {
ereport(LOG, ereport(LOG,
(errmsg("could not perform initial LDAP bind for ldapbinddn \"%s\" on server \"%s\": %s", (errmsg("could not perform initial LDAP bind for ldapbinddn \"%s\" on server \"%s\": %s",
port->hba->ldapbinddn, port->hba->ldapserver, ldap_err2string(r)))); port->hba->ldapbinddn ? port->hba->ldapbinddn : "",
port->hba->ldapserver, ldap_err2string(r))));
return STATUS_ERROR; return STATUS_ERROR;
} }

6
src/backend/libpq/hba.c
View File

@ -1453,9 +1453,11 @@ parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline, int line_num)
return false; return false;
} }
hbaline->ldapserver = pstrdup(urldata->lud_host); if (urldata->lud_host)
hbaline->ldapserver = pstrdup(urldata->lud_host);
hbaline->ldapport = urldata->lud_port; hbaline->ldapport = urldata->lud_port;
hbaline->ldapbasedn = pstrdup(urldata->lud_dn); if (urldata->lud_dn)
hbaline->ldapbasedn = pstrdup(urldata->lud_dn);
if (urldata->lud_attrs) if (urldata->lud_attrs)
hbaline->ldapsearchattribute = pstrdup(urldata->lud_attrs[0]); /* only use first one */ hbaline->ldapsearchattribute = pstrdup(urldata->lud_attrs[0]); /* only use first one */